package com.example.securitydemo.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.security.RolesAllowed;

/**
 * @Package: com.example.securitydemo.controller
 * @ClassName: UserController
 * @Author: Think
 * @CreateTime: 2021/7/31 11:48
 * @Description:
 */
@RestController
public class MyUserController {

    @GetMapping("/addUser2")
    // 角色可以省略ROLE_前缀，也可以不省略，效果一样
    @RolesAllowed({"admin"})
    public String addUser2() {
        return "add user success!";
    }

    @GetMapping("/deleteUser2")
    // 角色可以省略ROLE_前缀，也可以不省略，效果一样
    @RolesAllowed({"admin", "manager"})
    public String deleteUser2() {
        return "delete user success!";
    }

    @GetMapping("/addUser3")
    @Secured({"ROLE_admin"})
    public String addUser3() {
        return "add user success!";
    }

    @GetMapping("/deleteUser3")
    @Secured({"ROLE_admin", "ROLE_manager"})
    public String deleteUser3() {
        return "delete user success!";
    }

    @GetMapping("/addUser4")
    @PreAuthorize("hasAuthority('user:add')")
    public String addUser4() {
        return "add user success!";
    }

    @GetMapping("/deleteUser4")
    @PreAuthorize("hasAuthority('user:delete')")
    public String deleteUser4() {
        return "delete user success!";
    }

    @GetMapping("/addUser5")
    @PreAuthorize("hasRole('admin')")
    public String addUser5() {
        return "add user success!";
    }

    @GetMapping("/deleteUser5")
    @PreAuthorize("hasRole('admin') or hasRole('manager')")
    public String deleteUser5() {
        return "delete user success!";
    }

}
